Vulnerabilities in a province's online college entrance examination preference-filing system

2006-09-11T00:00:00
ID MYHACK58:62200611619
Type myhack58
Reporter Anonymous
Modified 2006-09-11T00:00:00

Description

Editor's note: the education system's college entrance examination......Filing college preferences online is a convenience for the large number of candidates, but negligence and vulnerabilities on the security side can also cause a lot of unnecessary trouble. This is a reminder to educators: safety first.

This year the province introduced online filing of college preferences for the college entrance examination. In the mock-filing drill, everything was done over the Internet, but the sudden volume of traffic during the drill made the network extremely slow, and even normal visits got a denial of service. I was speechless! Having considered this problem, the authorities then implemented Internet filing in only two cities, with the others filing over a LAN in a unified arrangement. During the drill I was not confident in the security of the system, but I was not able to find any vulnerability. Later I heard that my city is one of the two that file over the Internet, and during the recent filing process I really did find a few vulnerabilities. Again, speechless!

First, the system's security measures. From my testing during the drill, the site's system and scripts are well done, so vulnerabilities now have to be looked for elsewhere. Before preferences can be formally filed, the system requires the admission ticket number, registration number, ID number, password and verification code to log in, as shown in Figure 1. On that login the password must be changed before filing can begin; after the password change, logging in again needs only the ticket number, the password and a verification code. Figure 2 shows the login page after the password has been changed. At first glance, having to fill in so much information seems very safe, but it is not. Look at what it actually asks for: the item that really matters is the password, and the rest is padding. Leaving aside the case where people choose a foolish password after the change, let us first look at how the original password can be obtained.
The original password consists of the card number and password on a preference-filing card that the examination authority distributes free of charge. Together they add up to more than a dozen characters, so brute forcing is not realistic. But I noticed that the teachers handed these cards out at random; they are not matched one-to-one to candidates. So can the same password log in to multiple accounts? Well, we only have to try it to find out. I logged in and changed my password soon after getting my card. It happened that a schoolmate of mine had lost his card and was about to go to the city admissions office about it, so I had him try logging in with my card. The result...... it actually succeeded. Speechless.

Doesn't that leave an opening? Someone may ask how we would know another person's ticket number, registration number and ID number. It is actually very simple. Our registration numbers are assigned in order of class and student number, so as long as we know someone else's class and student number, we can work out their registration number from our own. The ticket numbers are arranged sequentially by registration number, so someone else's ticket number can be extrapolated from the registration number. As for the ID number, it consists of a fixed 6-digit number + date of birth + 4 digits, and the last character may also be X. We already know the first 6 digits. The date of birth can be coaxed out by asking the person to fill in a classmates' memory book. The last 4 digits can be batch-tested with software; I tried entering the wrong password N times and could still log in. The most troublesome part is the verification code. For now I can only enter it by hand, but I have heard there is technology that can recognise verification codes, and if so it really is that simple. Think about how much is at stake in filing college preferences; if someone really did vandalize it, the aftermath......
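The two login flaws described above (an issued card that is not bound to one candidate, and no limit on wrong attempts) are shown here beside a corrected check, as an added example that is not the system's own code. The card table, ticket numbers, function names and thresholds are all constructed for illustration.

```python
import hmac
import time

# Constructed sample data (hypothetical): card number -> initial password,
# and the binding recorded when each card is handed to a candidate.
CARDS = {"C1001": "483920", "C1002": "771305"}
CARD_OWNER = {"C1001": "T0001", "C1002": "T0002"}  # card -> ticket number
MAX_FAILURES = 5      # assumed threshold
LOCK_SECONDS = 900    # assumed lock duration


def card_matches(card_no, card_pw):
    expected = CARDS.get(card_no)
    return expected is not None and hmac.compare_digest(expected, card_pw)


def flawed_first_login(ticket, card_no, card_pw):
    """Behaviour the article describes: any valid card opens any account."""
    return card_matches(card_no, card_pw)


class HardenedLogin:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}  # ticket -> (failure count, time of last failure)

    def _locked(self, ticket):
        count, last = self.failures.get(ticket, (0, 0.0))
        if count < MAX_FAILURES:
            return False
        if self.clock() - last >= LOCK_SECONDS:
            del self.failures[ticket]  # lock expired, start counting afresh
            return False
        return True

    def first_login(self, ticket, card_no, card_pw):
        if self._locked(ticket):
            return "locked"
        # The card must be valid AND be the one issued to this ticket number.
        if card_matches(card_no, card_pw) and CARD_OWNER.get(card_no) == ticket:
            self.failures.pop(ticket, None)
            return "ok"
        count, _ = self.failures.get(ticket, (0, 0.0))
        self.failures[ticket] = (count + 1, self.clock())
        return "denied"
```

A per-account lock on its own lets anyone lock a candidate out by failing on purpose, so a deployment would pair it with throttling per source address and a reset path through the admissions office.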
Of course, if someone's password is changed right at the start, that person only has to take the relevant documents to the city admissions office to have the password changed, which is no more than a bit of a hassle. What about changing someone's password after they have filed their preferences and then altering those preferences? They would certainly be surprised when asked to print and confirm, but at that point changing the preferences is not so simple, because once the preferences have been printed and confirmed, modification is prohibited. So how could someone's password be changed after they have filed? You would need to know their password by then, but they have changed it themselves! Well, as mentioned earlier, a forgotten password can be changed by taking the relevant documents to the city admissions office. How does the city admissions office change it? I remember that during the drill there was an administration link at the bottom of the preference-filing login page. It is gone now, but entering the URL directly still reaches the page, as shown in Figure 3!

So how do we get the administrator's username and password? Actually, we can pretend to have forgotten our password and go to the admissions office to have it changed, and in that way get the username by looking at the screen. I do not have the knack of memorising what is being typed on the keyboard, so that leaves the password. I looked around the city admissions office website and found that neither the system nor the home page had any holes; there is a Dvbbs 7.1 forum. It looked like a dead end! Not to worry: I tried accessing http://www.xxx.com/bbs/data/dvbbd7.mdb and a download prompt appeared, as shown in Figure 4. I was stunned! In dv_log I found the admin password. I tried logging in with this password and the username I had peeked at, and it actually succeeded!! Now I could manage the candidate files for the whole city. Alarming! I did not dare touch anything for fear of being caught, so I quickly logged out and left.